13e914474a460fafb785e9e3684343f9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

13e914474a460fafb785e9e3684343f9
Size

378KB
MD5

13e914474a460fafb785e9e3684343f9
SHA1

9fd3e25878f59172f34b82a5a74ed15d476716a3
SHA256

f50a6da5670d522df13b0b7b05cbb9215096e2d3815285a2c0c34ee267d687cd
SHA512

972a8632d71cc94bf8f77d8775e44793946023e6117c9e8390852817cbf858670ba1f6147940e1e7a3c36eae543feb4fa98a3d00d171e9a01b06cd5e8dd0b6e4
SSDEEP

6144:qP7adW6dRmc3hyvMeMqqPqydDTtslBxRg6O9+3NCNCn6hfv0n/QKCRhYS:o7WWuy0eMq3ydDubxRg6q+H6tCCRhf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13e914474a460fafb785e9e3684343f9

Files

13e914474a460fafb785e9e3684343f9
.exe windows:4 windows x86 arch:x86

bd227ba966c127e93fe82f25f211eaca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
GetProcAddress
ExitProcess
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
HeapAlloc
GetProcessHeap
HeapFree

user32

wsprintfA
MessageBoxA

Sections

.data
Size: 368KB - Virtual size: 756KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_rsc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ